Building An Effective Business Continuity Plan, Step by Step...

Business continuity is one of Shackleton's key services, but what exactly does it involve? We explore the process of building an effective business continuity plan, step-by-step...

A Databarracks industry study revealed only 27% of UK small businesses have a business continuity plan in place should their IT systems fail. Of those, only 73% had tested it within the past year. We don't need to reiterate how unpredictable and devastating IT disasters can be... but it's no use building a BCP that doesn't work.

Shackleton specialise in the creation of effective, detailed and responsive business continuity plans should your company’s IT systems fail for any reason. We've outlined the crucial steps towards setting up an effective business IT continuity plan and, more importantly, ensuring that it does what you need it to do: protect your business.

Assembling a team: To understand how your BCP will protect your business should IT systems fail, you'll need people who understand... your business and its IT systems. Your planning team should understand your company's objectives, be able carry out specific, specialised research on risks, and be able to plan and implement your disaster strategy. While professional help from IT business continuity specialists such as Shackleton offers a head start, you will need to look inwards to maximise the effectiveness of your plan.

Identifying essential IT services: By definition, disasters impede your ability to deliver the standard services you offer clients, but you can limit on-going damage by prioritizing certain services and recovery strategies. This step should form the backbone of your continuity plan: if essential IT services can be protected, you have a foundation from which to recover more completely. Creating a priority list will be useful here, in which you assign degrees of importance to each of your business' services and functions.

Performing a system risk assessment: Business risks come in all shapes and sizes and go far beyond cyber threats, like hacking and malware, to include fire, flooding, lightning strikes, snow, disease, terror alerts, and criminal actions... Some risks involve specific responses which can be meticulously planned for, others require general strategies. Think outside the box: the more thorough and comprehensive your risk assessment, the more effective your response to it will be should your businesses core IT systems fail.

Creating the plan: Make your BCP flexible enough to adapt to the unpredictability of an IT disaster - and then plan for worst-case scenarios. Is your plan structured clearly? Is it efficient? Are your responses adequate: if information protection is one of your goals, do you have sufficient back-up (whether on-site or in the cloud)? If your premises are affected, will your employees be able to operate remotely? Think about details: missing something simple could have catastrophic effects.

Communicating the plan: Your BCP will fail if the people it involves do not understand their roles. Have you considered everyone the plan effects? Depending on what kind of disaster you are facing, the list of affected people involved will vary, and include everyone from employees and suppliers, to customers and shareholders. Communication serves a dual purpose at this stage: aside from actively aiding the recovery of your IT systems, it creates the confidence - before and after disaster - that your plan will succeed.

Testing the plan: There's no use creating a plan that only works in theory. After careful prep, thorough testing will reveal which parts need to be improved. Make your testing environment as authentic as possible for increased accuracy. Afterwards, don't be afraid to brainstorm, revise and replace components of the plan - the work you put in now, will pay off exponentially when it's time to do things for real. Keep your testing schedule fresh and updated - threats evolve, so should you.

There are plenty of online resources and toolkits to help you draw up your BCP, but it should have become clear that there's no 'one size fits all' strategy – here at Shackleton we offer a comprehensive, detailed and tailored business continuity service to keep your business running should disaster strike and your IT systems fail. The whole point of a BCP is to give your business the power to adapt to change: if your plan is based on a framework you drew up years ago, it's time to make it effective again.

Do you need to create a BCP - or dust the cobwebs off your old one? Have you anticipated every type of disaster you face? Share your BCP tips and advice here...

In the summer I wrote about how here at Shackleton, we have aspirations of becoming a world-class managed IT service provider. This time, I take a look at the steps we have taken in the last four months, and where Shackleton stands today…